API Management policy samples

Policies are a powerful capability of the system that allows the publisher to change the behavior of the API through configuration. Policies are a collection of statements that are executed sequentially on the request or response of an API. The following table includes links to samples and gives a brief description of each sample.

Inbound policies
Add a Forwarded header to allow the backend API to construct proper URLs: Demonstrates how to add a Forwarded header in the inbound request to allow the backend API to construct proper URLs.
Add a header containing a correlation ID: Demonstrates how to add a header containing a correlation ID to the inbound request.
Add capabilities to a backend service and cache the response: Shows how to add capabilities to a backend service. For example, accept the name of a place instead of latitude and longitude in a weather forecast API.
Authorize access based on JWT claims: Shows how to authorize access to specific HTTP methods on an API based on JWT claims.
Authorize requests using external authorizer: Shows how to use an external authorizer to secure API access.
Filter IP Addresses when using an Application Gateway: Shows how to filter by IP address in policies when the API Management instance is accessed via an Application Gateway.
Generate Shared Access Signature and forward request to Azure storage: Shows how to generate a Shared Access Signature using expressions and forward the request to Azure storage with the rewrite-uri policy.
Get OAuth2 access token from AAD and forward it to the backend: Provides an example of using OAuth2 for authorization between the gateway and a backend. It shows how to obtain an access token from AAD and forward it to the backend.
Get X-CSRF token from SAP gateway using send request policy: Shows how to implement the X-CSRF pattern used by many APIs. This example is specific to SAP Gateway.
Route the request based on the size of its body: Demonstrates how to route requests based on the size of their bodies.
Send request context information to the backend service: Shows how to send some context information to the backend service for logging or processing.
Set response cache duration: Demonstrates how to set the response cache duration using the maxAge value in the Cache-Control header sent by the backend.
Outbound policies
Filter response content: Demonstrates how to filter data elements from the response payload based on the product associated with the request.
On-error policies
Log errors to Stackify: Shows how to add an error logging policy to send errors to Stackify for logging.